Keane Lim 3c5fa979a4 Security guide update

Re-organized topic hierarchy

Tiny edit to restart review workflow.

Squashed with Resolved index.rst conflict commit

Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5
Signed-off-by: Keane Lim <keane.lim@windriver.com>
Signed-off-by: MCamp859 <maryx.camp@intel.com>

2021-03-12 15:10:40 -05:00

1.8 KiB

Raw Blame History

Create Certificates Locally using openssl

You can use openssl to locally create certificates suitable for use in a lab environment.

Create a Root Certificate and Key

Create the Root CA private key.

$ openssl genrsa -out my-root-ca-key.pem 2048

Generate the Root CA x509 certificate.

$ openssl req -x509 -new -nodes -key my-root-ca-key.pem \
-days 1024 -out my-root-ca-cert.pem -outform PEM

Create and Sign a Server Certificate and Key.

Create the Server private key.

$ openssl genrsa -out my-server-key.pem 2048

Create the Server certificate signing request (csr).

Specify CN=<WRCP-OAM-Floating-IP> and do not specify a challenge password.
```
$ openssl req -new -key my-server-key.pem -out my-server.csr
```

Create the list.

$ echo subjectAltName = IP:<WRCP-OAM-Floating-IP>,DNS:registry.local,DNS:registry.central > extfile.cnf

Use the my-root-ca to sign the server certificate.

$ openssl x509 -req -in my-server.csr -CA my-root-ca-cert.pem \
-CAkey my-root-ca-key.pem -CAcreateserial -out my-server-cert.pem \
-days 365 -extfile extfile.cnf

Put the server certificate and key into a single file.

$ cat my-server-cert.pem my-server-key.pem > my-server.pem

1.8 KiB Raw Blame History

Create Certificates Locally using openssl

1.8 KiB

Raw Blame History